BSI PD CLC/TS 50701:2023 – TC

$280.87

Tracked Changes. Railway applications. Cybersecurity

Published by: BSI
Publication date: 2023
Number of pages: 369

This document provides railway operators, system integrators and product suppliers with guidance and specifications on how cybersecurity is to be managed in the context of the EN 50126-1 RAMS lifecycle process. It aims at the implementation of a consistent approach to managing the security of railway systems. It can also be applied to the security assurance of systems and components/equipment developed independently of EN 50126-1:2017. This document applies to the Communications, Signalling and Processing domain, to the Rolling Stock domain and to the Fixed Installations domain. It provides references to models and concepts from which requirements and recommendations can be derived, and which are suitable to ensure that the residual risk from security threats is identified, supervised and managed to an acceptable level by the railway system duty holder. It presents the underlying security assumptions in a structured manner. This document does not address functional safety requirements for railway systems, but rather the additional requirements arising from threats and related security vulnerabilities, for which specific measures and activities need to be taken and managed throughout the lifecycle. The aim of this document is to ensure that the RAMS characteristics of railway systems, subsystems and equipment cannot be reduced, lost or compromised in the case of cyber attacks. The security models, the concepts and the risk assessment process described in this document are based on or derived from the IEC/EN IEC 62443 series. This document is consistent with the application of the security management requirements contained in IEC 62443-2-1, which in turn are based on EN ISO/IEC 27001 and EN ISO 27002.

PDF Catalog

PDF page  PDF title (the page number precedes the title where the catalogue gives one)
216 1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
232 3.2 Abbreviations
235 4 Railway system overview
4.1 Introduction
236 4.2 Railway asset model
237 4.3 Railway physical architecture model
238 4.4 High-level railway zone model
240 5 Cybersecurity within a railway application lifecycle
5.1 Introduction
5.2 Railway application and product lifecycles
5.3 Activities, synchronization, and deliverables
244 5.4 Cybersecurity context and cybersecurity management plan
5.5 Relationship between cybersecurity and essential functions
5.5.1 General
5.5.2 Defence in depth
245 5.5.3 Security-related application conditions
246 5.5.4 Interfaces between cybersecurity and design team
5.5.5 Interfaces between the safety and the cybersecurity processes
5.5.5.1 Principles
247 5.5.5.2 Possible implementation through high level cybersecurity objectives
249 5.6 Cybersecurity assurance process
250 6 System definition and initial risk assessment
6.1 Introduction
251 6.2 Identification of the system under consideration
6.2.1 Definition of the SuC
6.2.2 Overall functional description
6.2.3 Access to the SuC
252 6.2.4 Essential functions
6.2.5 Assets supporting the essential functions
6.2.6 Threat landscape
253 6.3 Initial risk assessment
6.3.1 Impact assessment
254 6.3.2 Likelihood assessment
255 6.3.3 Risk evaluation
6.4 Partitioning of the SuC
6.4.1 Criteria for zones and conduits breakdown
256 6.4.2 Process for zones and conduits breakdown
257 6.5 Output and documentation
6.5.1 Description of the system under consideration
6.5.2 Documentation of the initial risk assessment
6.5.3 Definition of zones and conduits
7 Detailed risk assessment
7.1 General aspects
259 7.2 Establishment of cybersecurity requirements
7.2.1 General
260 7.2.2 Threat identification and vulnerability identification
7.2.2.1 Overview
7.2.2.2 Objectives
261 7.2.2.3 Activities / Requirement or Recommendation
262 7.2.2.4 Deliverables
7.2.3 Vulnerability identification
7.2.3.1 Overview
7.2.3.2 Objectives
7.2.3.3 Activities / requirement or recommendation
7.2.3.4 Deliverables
263 7.2.4 Risk acceptance principles
7.2.4.1 General
7.2.4.2 Application of codes of practice
7.2.4.3 Reference systems
264 7.2.4.4 Deliverables
7.2.5 Derivation of SL-T by explicit risk evaluation
266 7.2.6 Determine initial SL
7.2.6.1 Overview
267 7.2.6.2 Objectives
7.2.6.3 Activities / Requirement or Recommendation
7.2.6.4 Deliverables
7.2.7 Determine countermeasures from EN IEC 62443-3-3
7.2.7.1 Overview
7.2.7.2 Objectives
268 7.2.7.3 Activities / Requirement or Recommendation
7.2.7.4 Deliverables
7.2.8 Risk estimation and evaluation
7.2.8.1 Overview
269 7.2.8.2 Objectives
7.2.8.3 Activities / requirement or recommendation
7.2.8.4 Deliverables
7.2.9 Determine security level target
7.2.9.1 Overview
270 7.2.9.2 Objectives
7.2.9.3 Activities / Requirement or Recommendation
7.2.9.4 Deliverables
7.2.10 Cybersecurity requirements specification for zones and conduits
271 8 Cybersecurity requirements
8.1 Objectives
8.2 System security requirements
287 8.3 Apportionment of cybersecurity requirements
8.3.1 Objectives
288 8.3.2 Breakdown of system requirements to subsystem level
8.3.3 System requirement allocation at component level
289 8.3.4 Specific consideration for implementation of cybersecurity requirement on components
8.3.5 Requirement breakdown structure as verification
8.3.6 Compensating countermeasures
291 9 Cybersecurity assurance and system acceptance for operation
9.1 Overview
292 9.2 Cybersecurity case
293 9.3 Cybersecurity verification
9.3.1 General
9.3.2 Cybersecurity integration and verification
295 9.3.3 Assessment of results
9.4 Cybersecurity validation
296 9.5 Cybersecurity system acceptance
9.5.1 Independence
9.5.2 Objectives
9.5.3 Activities
9.5.4 Cybersecurity handover
297 10 Operational, maintenance and disposal requirements
10.1 Introduction
10.2 Vulnerability management
298 10.3 Security patch management
10.3.1 General
299 10.3.2 Patching systems while ensuring operational requirements
302 Annex A (informative) Handling conduits
A.1 Introduction
303 A.2 Requirements for conduits in EN IEC 62443
A.3 Protection profiles for conduits
305 Annex B (informative) Handling legacy systems
B.1 Introduction
B.2 Basic security risks
B.2.1 Denial of service attacks and vulnerability exploits
B.2.2 Impersonation attack
306 B.3 Basic process activities
B.3.1 General
B.3.2 Zoning
B.3.3 Defence in depth
307 B.3.4 Basic risk analysis
B.3.5 (Re-)Commissioning
B.3.6 Site acceptance test (SAT)
308 B.3.7 Operation
B.3.8 Training of personnel
B.3.9 Asset inventory
B.4 Basic security countermeasures
B.4.1 General
B.4.2 Protect installation
309 B.4.3 Regular inspection of installation
B.4.4 Closed network / perimeter protection
B.4.5 Network segmentation / restricted data flow
B.4.6 Network management system
310 B.4.7 Intrusion detection / SIEM
B.4.8 Virtual private networks (VPN)
B.4.9 Redundant communication
B.4.10 Security gateway
B.4.11 Handling mobile devices
311 Annex C (informative) Cybersecurity design principles
C.1 Introduction
C.2 Secure the weakest link
313 C.3 Defence-in-depth
315 C.4 Fail secure
316 C.5 Grant least privilege
318 C.6 Economize mechanism
321 C.7 Authenticate requests
322 C.8 Control access
325 C.9 Assume secrets not safe
326 C.10 Make security usable
328 C.11 Promote privacy
329 C.12 Audit and monitor
331 C.13 Proportionality principle
332 C.14 Precautionary principle
334 C.15 Continuous protection
335 C.16 Secure metadata
336 C.17 Secure defaults
338 C.18 Trusted components
340 Annex D (informative) Safety and security
D.1 Introduction
D.2 The differences between safety and security
341 D.3 Security from a safety perspective
D.4 Co-engineering of safety and security
342 D.5 Quantification of security
D.6 The relationship between safety integrity levels and security levels
343 D.7 Responsibility for security
344 Annex E (informative) Risk acceptance methods
E.1 Introduction
E.2 Example based on EN 50126-1
E.2.1 Introduction
E.2.2 Impact assessment
345 E.2.3 Likelihood assessment
346 E.2.4 Risk acceptance
E.2.5 Justification
E.3 Example method – system integrator
E.3.1 Introduction
347 E.3.2 Impact assessment
E.3.3 Likelihood assessment
348 E.3.4 Risk acceptance
349 E.3.5 Justification
E.4 Example method – infrastructure manager
E.4.1 Introduction
E.4.2 Impact assessment
350 E.4.3 Likelihood assessment
E.4.4 Risk acceptance
351 E.4.5 Justification
352 Annex F (informative) Railway architecture and zoning
F.1 Glossary to railway system overview
354 F.2 Zoning examples
F.2.1 Introduction
355 F.2.2 Landside (fixed installations and signalling)
F.2.2.1 Zone criticality
359 F.2.2.2 Zoning and segmentation
360 F.2.2.3 Communication rules
361 F.2.3 Rolling stock
F.2.3.1 Zone criticality, zoning and segmentation
F.2.3.2 Zone criticality and communication matrix in the rolling stock domain
362 F.2.3.3 Communication rules
364 F.2.4 Communication rules between rolling stock and landside
F.2.4.1 Rolling stock and landside mapping table
367 F.2.4.2 General rules
F.2.4.3 Rules for business IT
F.2.4.4 Rules for operational technology (OT)
369 Annex G (informative) Cybersecurity deliverables content
G.1 Introduction
G.2 Cybersecurity management plan
370 G.3 Cybersecurity case